it provides some sort of errors as below

ctaocrypt/src/tfm.c: In function 'fp_mul_comba':
ctaocrypt/src/tfm.c:445:11: error: can't find a register in class 'GENERAL_REGS' while reloading 'asm'
ctaocrypt/src/tfm.c:445:11: error: 'asm' operand has impossible constraints
make[1]: *** [ctaocrypt/src/src_libcyassl_la-tfm.lo] Error 1
make[1]: *** Waiting for unfinished jobs....
make: *** [all] Error 2

When I search on the Interent about the cause of the error, they are telling me the source of the erro is lack of registers? But I don't get what does that mean?"You have to remember that these machines have a limited number of registers. And its possible to actually run out - that's what the error you're getting is telling you" And my machine is lenovo y400 in 32 bit form.

Could you help me how to solve what I have faced?

DECODING PUBLIC KEY
--------------
I am also of the impression that RsaPublicKeyDecode() in Cyassl can be be a replacement for PEM_read_bio_RSAPublicKey() or d2i_RSAPublicKey() in openssl without any issues since Cyassl provides openssl compatibility layer for only private key rsa private key operations

ENCODING PUBLIC KEY
-----------------------------
I couldn't find any function in Cyassl for encoding public keys.
Is there any Cyassl alternative for openssl i2d_RSAPublicKey()

EDIT:
Further search through the source reveals that  CyaSSL_EVP_Cipher [EVP_Cipher] is available
which i can use by passing CyaSSL_EVP_aes_128_ctr to select 128 counter mode.
I have realized that in counter mode, CyaSSL_EVP_Cipher only call AesCtrEncrypt()
This brings me back to the initial issue of context.
AesCtrEncrypt() does not accept context structure, hence will not update the context.

Thank you

The below patch (on cyassl-2.6.0) appears to solve the problem. Looking at the code, building without LARGE_STATIC_BUFFERS (which is what I do) makes things worse.

Index: cyassl/src/internal.c
===================================================================
--- cyassl.orig/src/internal.c    2013-05-08 15:22:15.704663345 +0200
+++ cyassl/src/internal.c    2013-05-08 15:24:14.716658339 +0200
@@ -1791,6 +1791,7 @@
 
 int DtlsPoolSend(CYASSL* ssl)
 {
+    int ret;
     DtlsPool *pool = ssl->dtls_pool;
 
     if (pool != NULL && pool->used > 0) {
@@ -1807,6 +1808,9 @@
             c16toa(ssl->keys.dtls_epoch, dtls->epoch);
             c32to48(ssl->keys.dtls_sequence_number++, dtls->sequence_number);
 
+            if ((ret = CheckAvalaibleSize(ssl, buf->length)) != 0)
+                return ret;
+
             XMEMCPY(ssl->buffers.outputBuffer.buffer, buf->buffer, buf->length);
             ssl->buffers.outputBuffer.idx = 0;
             ssl->buffers.outputBuffer.length = buf->length;

I have got a RSA private key in PKCS#8 DER format as output from Java (privateKey.getEncoded()), and would like to convert the DER binary into a RsaKey with the method:

RsaPrivateKeyDecode(keyDer, &idx, privateKey, sizeKeyDer);

It failed in GetInt(), since (b != ASN_INTEGER). Instead of (b = 2), in my case (b = 48, or b = 0x30). I have attached the key.

Decoding a private key in DER format generated with openSSL was successful. Could you please tell me, which format CyaSSL supports for the DER - RsaKey conversion?

Thanks,

Yun

I am testing CyaSSL for embedded devices. Could you please advice the best configuration settings for runtime performance (i.e. speed)? We are running CyaSSL as pure software without any specific hardware support for crypto operations.

Especially for RSA there are a lot of configuration options to use different algorithms. In mpi_class.h I saw various configurations.

Thanks,
Yun

I know SnifferServer is not being freed, this isn't the problem - I know it's quite general, but, any ideas?

sure, I can use the program with one thread, but I find the multithreaded version much faster to go over large data sets.

thanks,
Dan

./configure --without-zlib --enable-static --enable-shared=no CFLAGS="-arch i386 -mmacosx-version-min=10.4" LDFLAGS="-arch i386"

Now I get an error when building a lot of the binaries. Probably means that some outputs are picking up the platform override and some ignore it. Is there a new way I should be using to specify architecture?

  CCLD     testsuite/testsuite
ldld: warning: ignoring file ctaocryptld/test/:test.o , warningfile:  wasld :built  warningfor:  unsupportedignoring  filefile  formatctaocrypt /(benchmark /0xcfbenchmark.o ,0xfa  file0xed  was0xfe  built0x  for7  unsupported0x  file0  format0x  (0  0xcf0x  0xfa1  0xed0x  0xfe3  0x0x  70  0x0x  00  0x0x  00  0x0x  11  0x0x  30  0x0x  00  0x0x  00  0x)  0which  0xis  1not  0xthe  0architecture  0xbeing  0linked  0x( i3860)   ctaocryptwhich/ testis/ test.onot
ldthe:  architecturewarning :being  ignoringlinked  file( i386src)/:. libsctaocrypt//libcyassl.abenchmark,/ benchmark.oignoringfile  filewas  srcbuilt/ .forlibs /archivelibcyassl.a ,which  fileis  wasnot  builtthe  forarchitecture  archivebeing  whichlinked  is( i386not) :the  srcarchitecture/ .beinglibs /linkedlibcyassl.a
(Undefinedi386 )symbols:  forsrc /architecture. libsi386/:libcyassl.a

Undefined" _mainsymbols" ,for  referencedarchitecture  fromi386::

     " _main " ,start  referencedin  fromcrt1.10.6.o:

I am looking into porting an app from OpenSSL to cyassl.

OpenSSL has a function 'DTLSv1_handle_timeout' that can be used
to re-transmit packets when sockets in non-blocking
mode are used. Is there similar mechanism in cyassl?

I realize that data packets are not re-transmitted and could
be lost and that's the consequence of using DTLS,
but some method of re-transmissions is needed for DTLS'
own protocol packets...

Most APIs seem very stable but I came upon this which uses an internal api (used to be in cyassl_int.h):

static void saveforreuse(iao_connection *c)
{
        if (doreuse(c))
        {
                agentsslsession = SSL_get_session(c->ssl);
                agentsslsession->bornOn = LowResTimer();
        }
}

I am guessing from the function names that the programmer was aiming to force the system to keep using the same ssl session across hits (the use case is a 5 minute https keep alive).

Does this make any sense? Would it have the intended effect?
What is the correct way of doing this in the 2.6 release?

Yuval

I am testing the yaSSL GPL code.

I started testing all the crypto algorithms supported by yaSSL.

Most of the algorithms got passed. But RSA test failed. When I debugged I found that this test failed because certificate got expired.

I hope yaSSL tries to extract the public key from the certificate and while validating this certificate it failed.

Can someone help me from where I could get the new client certificate.

Regards,
Satish

In "internal.c" around line 9255, there is the following code:

        byte*       out;
        int         outLen;
        byte        hashAlgo = sha_mac;
        byte        sigAlgo = anonymous_sa_algo;

        (void)out;
        (void)outLen;

While I don't understand the meaning of the last two lines, the compiler throws an error for outLen because this line uses it before it is set.
What's the purpose of those lines?
Can you either remove them or set an initial value to the two variables in future releases?

I have downloaded yaSSL GPL code and tried to build on Ubuntu platform.
While runing ./configure, i am facing some error as follows.

checking for g++ ... no
checking for c++... no
checking for gpp .. no
checking for aCC ... no
checking for CC ... no
checking for cxx ... no
checking for cc++ ... no
......
.....
checking whether c++ compiler works ... no
configure : error : C++ compiler cannot create executable.
see config.log for more details.

Can someone help me out how to fix thiis error?